KORMAN COMMUNITIES GDPR STATEMENT
The new EU General Data Protection Regulation (GDPR) goes into effect on 25 May 2018 (including in the UK regardless of its decision to leave the EU) and will impact every organization that holds or processes personal data. GDPR introduces new responsibilities, including the need to demonstrate compliance, along with more stringent enforcement and substantially higher penalties than the current Data Protection Act (DPA), which it will supersede.
Korman Communities is committed to high standards of information security, privacy
Korman Communities has three main areas of focus in preparing for GDPR overseen by its internal cross-functional team:
Building on existing security and business continuity management systems and PCI-DSS certification, we will also meet the ISO 27001 and ISO 22301 standards to ensure our own compliance.
Korman Communities is working towards robust ISO-based Management Systems (ISMS) and, to ensure compliance, will implement additional or augmented company-wide controls within the ISMS to meet GDPR requirements, using internal and external advisors. Led by our Security & Compliance Team, updated information security policies and procedures will build on existing PCI-DSS compliant management systems as the foundation of our Information Control and Classification policy, informed by gap analysis and data protection risk assessments and supported by communication and training programs.
Compliance will be supported by a review of existing contracts with data controllers, the use of sub-contractors and any data export arrangements.
The GDPR requires that data controllers define how data processors use the data they get from controllers. These requirements belong in our contracts with Partner Service Providers. Korman Communities' partners store data in secure data centers based outside of the EU, and the GDPR allows this as long as we agree to and follow standard contractual clauses that guarantee the security and privacy of that data. Korman Communities has included language in our SaaS agreements that provides the necessary information and includes the required contractual clauses. This language is required for all current and future Korman Communities Partner Service Providers.
Korman Communities Security and Compliance Team will inform, advise and monitor compliance. The company will implement tools as appropriate that support the process, provide
In many areas the hosted services provided by Korman Communities already conform. As
2. Korman Communities Customer Data and Control
The volume of data handled by organizations is growing and is captured, processed and stored
Furthermore, we are investing in the management of consent to ensure a simple, but
3. Korman Communities Internal Processes, Procedures
As organizations work towards GDPR compliance, ensuring updated policies, procedures and guidelines for the collection, management